update the FIPS RSA keygen to be FIPS 186-4 compliant
This commit is contained in:
Tomas Mraz
parent
0a961bb5e3
commit
3f43f7e93a
@ -125,6 +125,42 @@ diff -up openssl-1.0.1i/crypto/dsa/dsa_key.c.fips-reqs openssl-1.0.1i/crypto/dsa
|
|||||||
{
|
{
|
||||||
DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL);
|
DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL);
|
||||||
goto err;
|
goto err;
|
||||||
|
diff -up openssl-1.0.1i/crypto/fips/fips.c.fips-reqs openssl-1.0.1e/crypto/fips/fips.c
|
||||||
|
--- openssl-1.0.1i/crypto/fips/fips.c.fips-reqs 2014-09-24 16:38:43.000000000 +0200
|
||||||
|
+++ openssl-1.0.1i/crypto/fips/fips.c 2014-09-24 16:37:28.000000000 +0200
|
||||||
|
@@ -427,27 +427,25 @@ int FIPS_module_mode_set(int onoff, cons
|
||||||
|
ret = 0;
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
- OPENSSL_ia32cap_P[0] |= (1<<28); /* set "shared cache" */
|
||||||
|
- OPENSSL_ia32cap_P[1] &= ~(1<<(60-32)); /* clear AVX */
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
- if(!verify_checksums())
|
||||||
|
+ if(!FIPS_selftest())
|
||||||
|
{
|
||||||
|
- FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
|
||||||
|
fips_selftest_fail = 1;
|
||||||
|
ret = 0;
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
|
||||||
|
- if(FIPS_selftest())
|
||||||
|
- fips_set_mode(onoff);
|
||||||
|
- else
|
||||||
|
+ if(!verify_checksums())
|
||||||
|
{
|
||||||
|
+ FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
|
||||||
|
fips_selftest_fail = 1;
|
||||||
|
ret = 0;
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+ fips_set_mode(onoff);
|
||||||
|
ret = 1;
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
diff -up openssl-1.0.1i/crypto/fips/fips_dh_selftest.c.fips-reqs openssl-1.0.1i/crypto/fips/fips_dh_selftest.c
|
diff -up openssl-1.0.1i/crypto/fips/fips_dh_selftest.c.fips-reqs openssl-1.0.1i/crypto/fips/fips_dh_selftest.c
|
||||||
--- openssl-1.0.1i/crypto/fips/fips_dh_selftest.c.fips-reqs 2014-08-13 19:58:06.819832600 +0200
|
--- openssl-1.0.1i/crypto/fips/fips_dh_selftest.c.fips-reqs 2014-08-13 19:58:06.819832600 +0200
|
||||||
+++ openssl-1.0.1i/crypto/fips/fips_dh_selftest.c 2014-08-13 19:58:06.819832600 +0200
|
+++ openssl-1.0.1i/crypto/fips/fips_dh_selftest.c 2014-08-13 19:58:06.819832600 +0200
|
||||||
@ -1084,7 +1120,7 @@ diff -up openssl-1.0.1i/crypto/rsa/rsa_gen.c.fips-reqs openssl-1.0.1i/crypto/rsa
|
|||||||
* All rights reserved.
|
* All rights reserved.
|
||||||
*
|
*
|
||||||
* This package is an SSL implementation written
|
* This package is an SSL implementation written
|
||||||
@@ -165,6 +166,222 @@ int RSA_generate_key_ex(RSA *rsa, int bi
|
@@ -165,6 +166,236 @@ int RSA_generate_key_ex(RSA *rsa, int bi
|
||||||
return rsa_builtin_keygen(rsa, bits, e_value, cb);
|
return rsa_builtin_keygen(rsa, bits, e_value, cb);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1154,6 +1190,7 @@ diff -up openssl-1.0.1i/crypto/rsa/rsa_gen.c.fips-reqs openssl-1.0.1i/crypto/rsa
|
|||||||
+ if (!BN_is_zero(rsa->p) && !BN_is_zero(rsa->q))
|
+ if (!BN_is_zero(rsa->p) && !BN_is_zero(rsa->q))
|
||||||
+ test = 1;
|
+ test = 1;
|
||||||
+
|
+
|
||||||
|
+retry:
|
||||||
+ /* generate p and q */
|
+ /* generate p and q */
|
||||||
+ for (i = 0; i < 5 * pbits; i++)
|
+ for (i = 0; i < 5 * pbits; i++)
|
||||||
+ {
|
+ {
|
||||||
@ -1246,7 +1283,18 @@ diff -up openssl-1.0.1i/crypto/rsa/rsa_gen.c.fips-reqs openssl-1.0.1i/crypto/rsa
|
|||||||
+ /* calculate d */
|
+ /* calculate d */
|
||||||
+ if (!BN_sub(r1,rsa->p,BN_value_one())) goto err; /* p-1 */
|
+ if (!BN_sub(r1,rsa->p,BN_value_one())) goto err; /* p-1 */
|
||||||
+ if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; /* q-1 */
|
+ if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; /* q-1 */
|
||||||
+ if (!BN_mul(r0,r1,r2,ctx)) goto err; /* (p-1)(q-1) */
|
+
|
||||||
|
+ if (!BN_gcd(r0, r1, r2, ctx)) goto err;
|
||||||
|
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
|
||||||
|
+ {
|
||||||
|
+ pr0 = &local_r0;
|
||||||
|
+ BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
|
||||||
|
+ }
|
||||||
|
+ else
|
||||||
|
+ pr0 = r0;
|
||||||
|
+ if (!BN_div(r0, NULL, r1, pr0, ctx)) goto err;
|
||||||
|
+ if (!BN_mul(r0,r0,r2,ctx)) goto err; /* lcm(p-1, q-1) */
|
||||||
|
+
|
||||||
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
|
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
|
||||||
+ {
|
+ {
|
||||||
+ pr0 = &local_r0;
|
+ pr0 = &local_r0;
|
||||||
@ -1256,6 +1304,8 @@ diff -up openssl-1.0.1i/crypto/rsa/rsa_gen.c.fips-reqs openssl-1.0.1i/crypto/rsa
|
|||||||
+ pr0 = r0;
|
+ pr0 = r0;
|
||||||
+ if (!BN_mod_inverse(rsa->d,rsa->e,pr0,ctx)) goto err; /* d */
|
+ if (!BN_mod_inverse(rsa->d,rsa->e,pr0,ctx)) goto err; /* d */
|
||||||
+
|
+
|
||||||
|
+ if (BN_num_bits(rsa->d) < pbits) goto retry; /* d is too small */
|
||||||
|
+
|
||||||
+ /* set up d for correct BN_FLG_CONSTTIME flag */
|
+ /* set up d for correct BN_FLG_CONSTTIME flag */
|
||||||
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
|
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
|
||||||
+ {
|
+ {
|
||||||
@ -1307,7 +1357,7 @@ diff -up openssl-1.0.1i/crypto/rsa/rsa_gen.c.fips-reqs openssl-1.0.1i/crypto/rsa
|
|||||||
static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
|
static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
|
||||||
{
|
{
|
||||||
BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp;
|
BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp;
|
||||||
@@ -176,17 +393,12 @@ static int rsa_builtin_keygen(RSA *rsa,
|
@@ -176,17 +407,12 @@ static int rsa_builtin_keygen(RSA *rsa,
|
||||||
#ifdef OPENSSL_FIPS
|
#ifdef OPENSSL_FIPS
|
||||||
if (FIPS_module_mode())
|
if (FIPS_module_mode())
|
||||||
{
|
{
|
||||||
@ -1326,7 +1376,7 @@ diff -up openssl-1.0.1i/crypto/rsa/rsa_gen.c.fips-reqs openssl-1.0.1i/crypto/rsa
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@@ -301,17 +513,6 @@ static int rsa_builtin_keygen(RSA *rsa,
|
@@ -301,17 +527,6 @@ static int rsa_builtin_keygen(RSA *rsa,
|
||||||
p = rsa->p;
|
p = rsa->p;
|
||||||
if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err;
|
if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err;
|
||||||
|
|
||||||
|
|||||||
@ -23,7 +23,7 @@
|
|||||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||||
Name: openssl
|
Name: openssl
|
||||||
Version: 1.0.1j
|
Version: 1.0.1j
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
# We have to remove certain patented algorithms from the openssl source
|
# We have to remove certain patented algorithms from the openssl source
|
||||||
# tarball with the hobble-openssl script which is included below.
|
# tarball with the hobble-openssl script which is included below.
|
||||||
@ -478,6 +478,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
|
|||||||
%postun libs -p /sbin/ldconfig
|
%postun libs -p /sbin/ldconfig
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Oct 21 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1j-2
|
||||||
|
- update the FIPS RSA keygen to be FIPS 186-4 compliant
|
||||||
|
|
||||||
* Thu Oct 16 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1j-1
|
* Thu Oct 16 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1j-1
|
||||||
- new upstream release fixing multiple security issues
|
- new upstream release fixing multiple security issues
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user